Search
Keyword: browser hijacker
CVE-2006-1191 Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive
automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{E1CB9A2C-95B6-42A9-A58E-8F69D5E0ED38}
automatic execution every time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
allows this malware to possibly add other malware on the affected computer. Installation This Trojan drops the following files: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\Browser
It opens the non-malicious URL http://www.irs.gov/pub/irs-pdf/f941.pdf to hide its malicious routines from the user. It registers the downloaded .DLL file as a Browser Helper Object (BHO) by
NOTES: It queries the default web browser by accessing the following registry entry: HKEY_CLASSES_ROOT\http\shell\open\command It then launches a hidden Web browser process (e.g. iexplore.exe) where this
following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\ Other System Modifications This Trojan deletes the following files: %System Root%
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\ Other System Modifications This Trojan deletes the following files: %System Root%\pic2.zip (Note: %System Root% is the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\ Other System Modifications This Trojan deletes the following files: %System Root%\pic2.zip (Note: %System Root% is the
\explorer\ Browser Helper Objects\{E730189A-9973-4121-B046-AD1C161EC3AF} Other System Modifications This Trojan deletes the following files: %System Root%\WIN_PO~1.BAT (Note: %System Root% is the root folder,
time Internet Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\explorer\ Browser Helper Objects\{0EDEF382-D7CF-4721-AD5F-C02DEF981FEA}
\Administrator#History.csv %User Temp%\{Compromised browser}\Administrator#LoginData.csv %User Temp%\Microsoft Edge\SS_ErrorLog.txt %User Temp%\Mozilla Firefox\SS_ErrorLog.txt %User Temp%\Yandex Browser\SS_ErrorLog.txt %User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} Other System Modifications This Trojan deletes the following files: %User Profile%
registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{A77BD516-EF72-410C-AA99-91DBCE70FF8C} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
\Down.clsDown\Clsid HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects Other Details This Trojan connects to the following possibly malicious URL: http://foxpremier2.
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} Other System Modifications This Trojan adds the following registry keys: HKEY_CLASSES_ROOT
antivirus processes Manipulate files Connect to C&C server Send and receive backdoor commands Gather the following information: System information File System information Network information Browser User
This is the Trend Micro detection for potentially unwanted applications (PUA) bundled and installed with cross browser extensions. This potentially unwanted application arrives on a system as a file
zero-day exploit for the following vulnerability: CVE-2015-0311 NOTES: Once a compromised website is visited, the user's browser with a vulnerable version of Adobe Flash will load a specially crafted flash